<?php
// $admin, $act, $actp, sql_query() and translitURL() are not defined in this file;
// presumably header.php provides them — confirm.
include ('header.php');
// Everything below is the admin-only menu editor; the matching else branch at the
// end of the file prints the "insufficient rights" message.
// NOTE(review): confirm that header.php derives $admin from server-side session
// state and that it cannot be populated from request data (register_globals,
// extract() and the like). The loose == also treats true and "1" as 1.
if ($admin==1) {
// Make sure the `menu` table exists before any action below touches it.
// This DDL statement is issued on every load of the page.
// NOTE(review): VARCHAR( 65535 ) is larger than a utf8 VARCHAR column can hold in
// MySQL; depending on sql_mode the server converts the column to a TEXT type or
// rejects the statement — confirm which applies on the target server.
$createMenuTable = "CREATE TABLE IF NOT EXISTS `menu` (
`id` INT NOT NULL AUTO_INCREMENT ,
`title` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`desc` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`address` VARCHAR( 65535 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`access` INT NOT NULL default '1',
`parent` INT NOT NULL DEFAULT '0',
`child` INT NOT NULL DEFAULT '0',
`type` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`order` INT NOT NULL,
PRIMARY KEY ( `id` ) 
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_general_ci;";
// On failure the raw database error is printed and the script stops.
sql_query ($createMenuTable) or die(mysql_error());

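// Update an existing menu entry from the per-row form.
// NOTE(review): no anti-CSRF token is checked before this state change; adding one
// depends on session handling that is not visible in this file.
if ($actp=='update')
{
// Free-text fields are escaped for use inside quoted SQL string literals.
$title = mysql_real_escape_string(isset($_POST['title']) ? $_POST['title'] : '');
if (!empty($_POST['link'])) {$type='link';$l=1;} else {$type='dir';$l=0;}
// NOTE(review): translitURL() is defined outside this file and its result goes into
// the query unchanged; confirm it returns a value that is safe inside a quoted SQL
// literal, or escape its result before use.
$address = translitURL($_POST['address'],$l);
$desc = mysql_real_escape_string(isset($_POST['desc']) ? $_POST['desc'] : '');

// Numeric fields must be plain ASCII digit strings. The earlier check,
// !preg_match('/[^0-9]/ui', ...), also let a value through whenever preg_match()
// returned false (an array, or input that is not valid UTF-8 under the /u flag),
// and the queries still ran after a field had been rejected.
$menuNumeric = array('access' => '0', 'id' => '', 'order' => '0', 'parent' => '0');
$menuInputOk = true;
foreach (array_keys($menuNumeric) as $menuField) {
	// A missing or empty field keeps its default.
	if (!isset($_POST[$menuField]) || $_POST[$menuField] === '') {continue;}
	if (is_string($_POST[$menuField]) && ctype_digit($_POST[$menuField])) {
		$menuNumeric[$menuField] = $_POST[$menuField];
	} else {
		echo 'Хакер?=))';
		$menuInputOk = false;
	}
}
// Without a row id there is nothing to update.
if ($menuNumeric['id'] === '') {$menuInputOk = false;}
$access = $menuNumeric['access'];
$id = $menuNumeric['id'];
$order = $menuNumeric['order'];
$parent = $menuNumeric['parent'];

// Only touch the database when every numeric field passed validation.
if ($menuInputOk) {
	// Flag the parent row as having children.
	if ($parent!=0) {sql_query ("UPDATE `menu` SET 
`child` = 1 WHERE `id` ='$parent';") or die(mysql_error());}
	sql_query ("
UPDATE `menu` SET 
`title` = '$title',
`access` = '$access',
`desc` = '$desc',
`address` = '$address' ,
`type` = '$type',
`order` = '$order',
`parent` = '$parent'
WHERE `id` ='$id';") or die(mysql_error());
	echo 'Изменено';
}
	}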


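// Add a new menu entry from the form at the bottom of the page.
// NOTE(review): no anti-CSRF token is checked before this state change; adding one
// depends on session handling that is not visible in this file.
if ($actp=='add') {
// Free-text fields are escaped for use inside quoted SQL string literals.
$title = mysql_real_escape_string(isset($_POST['title']) ? $_POST['title'] : '');
if (!empty($_POST['link'])) {$type='link';$l=1;} else {$type='dir';$l=0;}
// NOTE(review): translitURL() is defined outside this file and its result goes into
// the query unchanged; confirm it returns a value that is safe inside a quoted SQL
// literal, or escape its result before use.
$address = translitURL($_POST['address'],$l);
$desc = mysql_real_escape_string(isset($_POST['desc']) ? $_POST['desc'] : '');

// Numeric fields must be plain ASCII digit strings. The earlier check,
// !preg_match('/[^0-9]/ui', ...), also let a value through whenever preg_match()
// returned false (an array, or input that is not valid UTF-8 under the /u flag),
// and the INSERT still ran after a field had been rejected.
$menuNumeric = array('access' => '0', 'order' => '0', 'parent' => '0');
$menuInputOk = true;
foreach (array_keys($menuNumeric) as $menuField) {
	// A missing or empty field is stored as 0.
	if (!isset($_POST[$menuField]) || $_POST[$menuField] === '') {continue;}
	if (is_string($_POST[$menuField]) && ctype_digit($_POST[$menuField])) {
		$menuNumeric[$menuField] = $_POST[$menuField];
	} else {
		echo 'Хакер?=))';
		$menuInputOk = false;
	}
}
$access = $menuNumeric['access'];
$order = $menuNumeric['order'];
$parent = $menuNumeric['parent'];

// Only touch the database when every numeric field passed validation.
if ($menuInputOk) {
	// Column order: id, title, desc, address, access, parent, child, type, order.
	sql_query ("INSERT INTO `menu` VALUES (
NULL , '$title', '$desc', '$address', '$access', '$parent', 0, '$type','$order');") or die(mysql_error());
	// Flag the parent row as having children.
	if ($parent!=0) {sql_query ("UPDATE `menu` SET `child` = 1 WHERE `id` ='$parent';") or die(mysql_error());}
	echo 'Добавленно'; 
}
}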

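// Delete the menu entry named by the "?act=delete&id=N" link in the listing.
// NOTE(review): the deletion is triggered by a plain GET request and no anti-CSRF
// token is checked; moving it to a POST form with a token depends on session
// handling that is not visible in this file.
if ($act=='delete') {
	$id = isset($_GET['id']) ? $_GET['id'] : '';
	// Accept only a plain digit string, matching the numeric checks used for
	// update and add; anything else is rejected without touching the database.
	if (is_string($id) && ctype_digit($id)) {
		sql_query ("DELETE FROM `menu` WHERE `id` = '$id';") or die(mysql_error());
		echo 'Удалено';
	} else {
		echo 'Хакер?=))';
	}
}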




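	// Render every menu entry as an editable table row with its own update form
	// and a delete link.
	$menuz=sql_query ("SELECT * FROM `menu`");
	echo '<table width="100%" border="1">
  <tr>
    <th scope="col">ИД</th>
    <th scope="col">Название</th>
    <th scope="col">Описание</th>
    <th scope="col">Адрес</th>
    <th scope="col">Доступ</th>
	<th scope="col">Тип</th>
	<th scope="col">Порядок</th>
	<th scope="col">Родитель</th>
	<th scope="col">Действия</th>
  </tr>';
	while ($menu = mysql_fetch_array($menuz))
	{
	// Stored values are HTML-escaped before they are written into attribute values
	// and the textarea body, so a quote or tag saved in a title, description or
	// address can neither break the form nor be interpreted as markup.
	// NOTE(review): assumes the page and the database connection use UTF-8 — confirm.
	$rowId = htmlspecialchars($menu['id'], ENT_QUOTES, 'UTF-8');
	$rowTitle = htmlspecialchars($menu['title'], ENT_QUOTES, 'UTF-8');
	$rowDesc = htmlspecialchars($menu['desc'], ENT_QUOTES, 'UTF-8');
	$rowAddress = htmlspecialchars($menu['address'], ENT_QUOTES, 'UTF-8');
	$rowOrder = htmlspecialchars($menu['order'], ENT_QUOTES, 'UTF-8');
	$rowParent = htmlspecialchars($menu['parent'], ENT_QUOTES, 'UTF-8');
	echo '
<tr style="vertical-align:top">
    <td><form action="menu_edit.php" method="post"><input name="id" type="hidden" value="'.$rowId.'" />'.$rowId.'</td>
    <td><input name="title" type="text" value="'.$rowTitle.'" style="width:98%"></td>
    <td><textarea name="desc" style="width:98%">'.$rowDesc.'</textarea></td>
    <td><input name="address" type="text" value="'.$rowAddress.'" style="width:98%"></td>
    <td><select size="1" name="access" style="width:98%">
  <option value="1"';  if ($menu['access']!=100 && $menu['access']!=2) {echo ' selected';}; echo '>для всех</option>
  <option value="2"';  if ($menu['access']!=100 && $menu['access']!=1) {echo ' selected';}; echo '>для зарегистрированных</option>
  <option value="100"';  if ($menu['access']!=1 && $menu['access']!=2) {echo ' selected';}; echo '>для админов (черновик)</option>
	</select></td>
	 <td><label><input name="link" type="checkbox" value="1"'; if ($menu['type']=='link') { echo ' checked ';}  echo '/> Cсылка</label></td>
	 <td>Порядок: <input name="order" type="text" size="3" maxlength="3" value="'.$rowOrder.'"/></td>
	 <td>Родитель: <input name="parent" type="text" size="3" maxlength="3" value="'.$rowParent.'"/></td>
	<input name="act" type="hidden" value="update" />
	<td><input name="" type="submit" value="Изменить" /></form>
	<a href="?act=delete&amp;id='.$rowId.'"><strong>Удалить</strong></a></td>
</tr>';
	}
	echo '
</table>';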

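// Form for creating a new menu entry; it posts act=add back to menu_edit.php.
// The parent field now carries a real default of 0: the attribute was written as
// value:"0", which browsers do not treat as a value, so the field was submitted empty.
// NOTE(review): the form contains no anti-CSRF token; adding one depends on session
// handling that is not visible in this file.
echo '<br /><br /><form action="menu_edit.php" method="post">
	Название: &nbsp;<input name="title" type="text" style="width:500px">
    <br />Описание: <textarea name="desc" style="width:500px"></textarea>
    <br />Адрес: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input name="address" type="text" style="width:500px">
    <br />Доступ: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<select size="1" name="access" style="width:500px">
  <option value="1">для всех</option>
  <option value="2">для зарегистрированных</option>
  <option value="100">для админов (черновик)</option>
	</select><br />
	<label><input name="link" type="checkbox" value="1" /> Cсылка</label><br />
Порядок: <input name="order" type="text" size="3" maxlength="3" /><br />
Родитель: <input name="parent" type="text" size="3" maxlength="3" value="0" />
	<input name="act" type="hidden" value="add" /><br />
	<input name="" type="submit" value="Добавить" /></form>';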

include ('footer.php');
} else {echo 'Недостаточно прав';};
?>